syslogd: Fix handling of configuration errors
ClosedPublic
Actions

Authored by markj on Sun, Feb 1, 3:10 PM.

Details

Reviewers

jfree
jlduran
eugen_grosbein.net
delphij

Commits

rG29ec3907f193: syslogd: Improve handling of configuration errors

Summary

If parse_selector() returns NULL, we should exit immediately.
Add newlines to a couple of debug messages. Otherwise they don't get printed if the process crashes before the stdio buffer is flushed.

Reported by: Doug Hardie <bc979@lafn.org>
Fixes: f4b4a10abb26 ("syslogd: Move selector parsing into its own function")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Sun, Feb 1, 3:10 PM

Herald added a subscriber: imp. · View Herald TranscriptSun, Feb 1, 3:10 PM

markj requested review of this revision.Sun, Feb 1, 3:10 PM

Harbormaster completed remote builds in B70315: Diff 170937.Sun, Feb 1, 3:10 PM

Since our syslogd's default configuration started including additional configurations installed with non-base packages, it is no more acceptable for it to use err*() functions based on syntax errors in such configuration files. Instead, it should issue a warning, skip bad line and continue with execution. Please do not add new err*() to the syslogd but warn*() with graceful recovery.

eugen_grosbein.net added a reviewer: eugen_grosbein.net.Sun, Feb 1, 4:59 PM

Like eugen suggested, it might be better to skip the line and log a warning on syntax parse failure instead of terminating. It looks like this would require some more surgery to handle other parse errors though.

This otherwise looks good. Perhaps it might be better to ship this now to fix the bug. A separate feature request could be opened for better parser error handling.

This revision is now accepted and ready to land.Mon, Feb 2, 4:08 AM

Make syslogd more forgiving of configuration errors

This revision now requires review to proceed.Mon, Feb 2, 2:09 PM

Harbormaster completed remote builds in B70342: Diff 170980.Mon, Feb 2, 2:09 PM

Note that I would have "accepted" the previous version if it wasn't for Eugene's remark. I can try adding a simple test that checks it is warning and not erroring when parsing a configuration file if you believe it is necessary.
Regarding the missing EOLs in the dprintf()s, I see those are no longer present, evidently the message needs updating upon commit.

This revision is now accepted and ready to land.Mon, Feb 2, 6:07 PM

eugen_grosbein.net accepted this revision.Mon, Feb 2, 11:05 PM

In D55033#1258447, @jlduran wrote:

Note that I would have "accepted" the previous version if it wasn't for Eugene's remark. I can try adding a simple test that checks it is warning and not erroring when parsing a configuration file if you believe it is necessary.

So, there's a complication here: in daemonized mode, we close stdio descriptors, so there's no way for the casper service which parses logs to print an error message. logmsg()/logerror() can't be used from cfline() either, as they expect to be called by the sandboxed logging process, not by the configuration parser.

If -d is specified then I see the error message. Maybe that's good enough, but I'd rather have a better solution. Does anyone have any suggestions?